Popular

September 5, 2012

Be Careful What You Do On BitTorrent, You’re Being Watched!

by editor

redOrbit Staff & Wire Reports - Your Universe Online

BitTorrent users who download copyrighted content are likely to have their IP-addresses logged by anti-piracy monitoring firms within three hours, according to a new report by a team of computer scientists at the University of Birmingham, UK.

The researchers said they were “surprised” at the scale of the monitoring.

BitTorrent is a method of obtaining files by downloading from many users simultaneously. The protocol uses servers known as trackers, which help clients find others interested in exchanging parts of the same file. The total group of people exchanging the same file with each another is known as a "swarm". Whenever a new client joins a swarm, it announces itself to the tracker, which then provides a list of other peers on the network.

This scheme produces two methods for firms to monitor a BitTorrent network: 1) indirect monitoring, in which peers simply join the network to get the tracker to provide a list of the IP address of other network users, and 2) direct monitoring, which involves actually communicating with other peers.

While indirect monitoring provides fairly weak evidence that peers have engaged in copyright infringement, since clients can join a network without actually exchanging files, direct monitoring can provide more convincing evidence of infringement. This is because it allows the monitors to see how much of a file each client claims to have downloaded, and even exchange copies of a copyright-protected file with others on the network.

In their multi-year study, the University of Birmingham researchers developed software that simulated a BitTorrent file-sharing client, and then logged all the connections made to it.

Over the course of two years, they measured the activity of 1,033 swarms across 421 trackers for 36 days, collecting over 150GB of BitTorrent traffic.

The logs revealed that the firms monitoring the BitTorrent downloads did not differentiate between frequent illegal downloaders and those new to BitTorrent, the researchers said.

"You don't have to be a mass downloader. Someone who downloads a single movie will be logged as well," said lead researcher Dr. Tom Chothia in an interview with BBC News.

The monitoring was most prevalent for popular content, while less popular content was monitored less frequently.

"If the content was in the top 100 it was monitored within hours," Dr. Chothia said.

"Someone will notice and it will be recorded.”

Copyright holders could use the logs to crack down on illegal downloads, the researchers said.

The report identified 10 different monitoring firms logging content, a few of which were identifiable as copyright-enforcement organizations, security firms and research labs. Six of the most frequent monitoring agents were more difficult to identify, as the companies behind them used third-party hosting firms to run the searches for them.

It is not clear why such firms would want this vast amount of data, Chothia said.

"Many firms are simply sitting on the data. Such monitoring is easy to do and the data is out there so they think they may as well collect it as it may be valuable in future.”

Some organizations suspected of conducting large-scale monitoring have been accused of selling the data to copyright holders for marketing purposes.

"The data shows what content is popular and where," said Dr. Chothia.

The study also found that publicly available blocklists, which are used by some BitTorrent users to prevent contact with monitors, might not be effective.

"Many of the monitors we found weren't on the blocklists so these measures to bypass the monitors aren't really working," said Dr. Chothia.

These blocklists also “contain large incidences of false positives and false negatives," the researchers said.

Some copyright owners in Europe and the U.S. are using the IP addresses gathered by monitoring firms to apply for court orders forcing Internet service providers to disclose the physical addresses associated with the users´ account. The copyright owners are then contacting the users seeking compensation, or warning of the possibility of legal action.

However, Dr. Chothia doubts evidence gathered in this way would hold up in court. Legal experts have also questioned whether evidence collected from an IP address could be used in court, because such an address identifies only the Internet connection used for downloading, rather than a specific person.

"All the monitors observed during the study would connect to file-sharers and verify that they were running the BitTorrent software, but they would not actually collect any of the files being shared," Dr. Chothia said.

"It is questionable whether the monitors observed would actually have evidence of file-sharing that would stand up in court.”

The research by Chothia and colleagues will likely escalate the ongoing race between file-sharers and copyright protectors. For instance, BitTorrent users will likely make use of the new monitor-detection techniques identified by the report to create more accurate blocklists. Monitoring firms, in turn, could enhance their monitoring clients to behave more like real clients.

The report will be presented at this week´s SecureComm conference in Italy.